<?php
require_once '../../a_config.php';
require_once "{$A_CONFIG['api_include']}";
require_once '../../api_header.php';
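// Back-office endpoint: after checking the request token and re-confirming the
// operator's password, look up an order with status=1, call the ICBC order API
// for its pay_id, mark the order status=-1 when the gateway reports success,
// and record the exchange in the refund log. Replies with JSON {err, msg}.
//
// err codes as set below: 0 success, -2 gateway error, -3 account/password/order
// check failed, -4 token mismatch, -5 missing or malformed parameters.
$conn = connect_to_db();
$err = -1;
$msg = "";

// Every field must be a non-empty string. Rejecting arrays here keeps the
// string concatenation, md5() and escaping calls below from receiving
// non-string input.
$has_params = true;
foreach (array('token', 'time', 'passwd', 'index') as $field) {
    if (empty($_POST[$field]) || !is_string($_POST[$field])) {
        $has_params = false;
        break;
    }
}

if ($has_params) {
    $key = $A_CONFIG['api_key'];
    $unixtime = $_POST['time'];
    $token = md5($key . $unixtime);
    // Compare digests as exact strings. Loose == treats numeric-looking strings
    // (for example digests of the form 0e<digits>) as numbers, so two different
    // digests could compare equal. hash_equals() also avoids leaking the match
    // position through timing; fall back to === where it is unavailable.
    // NOTE(review): the token covers only api_key and the client-supplied time,
    // and the time is never checked for freshness, so a captured (time, token)
    // pair stays valid and is not bound to passwd/index — confirm whether a
    // validity window and parameter binding are enforced elsewhere.
    $token_ok = function_exists('hash_equals')
        ? hash_equals($token, $_POST["token"])
        : $token === $_POST["token"];
    if ($token_ok) {
        $passwd = mysql_real_escape_string($_POST["passwd"]);
        // Start the session if it is not already active.
        if (!session_id()) {
            session_start();
        }
        // NOTE(review): $login_username is defined outside this file and is
        // interpolated into the query below unescaped — confirm it is escaped
        // or otherwise constrained where it is set.
        $username = $login_username;
        // Verify the operator's password.
        $sql1 = "SELECT `password` FROM `{$A_CONFIG['project_pre']}_backstage_admin_list` WHERE username='$username' and is_del=0 limit 1";
        $res1 = mysql_query($sql1, $conn);
        if (is_resource($res1) && mysql_num_rows($res1) != 0) {
            $row1 = mysql_fetch_array($res1, MYSQL_ASSOC);
            $database_passwd = $row1["password"];
            // Strict comparison: with ==, two different numeric-looking values
            // would be treated as equal.
            // NOTE(review): the stored value is compared directly with the
            // submitted one, so the column holds either the plaintext password
            // or a client-computed hash that is itself password-equivalent;
            // password_hash()/password_verify() would be the usual replacement.
            // The submitted value is also SQL-escaped before comparison, which
            // alters passwords containing quotes or backslashes.
            if ($database_passwd === $passwd) {

                $id = mysql_real_escape_string($_POST["index"]);
                $where = "where status=1 and id='$id' limit 1";
                $s_db_name = $A_CONFIG['project_pre'] . '_order_info';
                $sql = "SELECT * FROM {$s_db_name} $where";
                $res = mysql_query($sql, $conn);
                if (is_resource($res) && mysql_num_rows($res) != 0) {
                    $row = mysql_fetch_assoc($res);
                    // Order exists: proceed with the refund.
                    // NOTE(review): the endpoint path below is order/queryorder
                    // although the comments describe a refund — confirm this is
                    // the intended gateway call.
                    $access_token = getIcbcToken($conn);
                    $merID = "140248160420"; // merchant ID (other values noted by the author: 140206023225, v140248160420)
                    $out_trade_no = $row['pay_id']; // merchant order number
                    $dataArr = compact("merID", "out_trade_no");
                    $sendUrl = "https://imapi.icbc.com.cn/open/order/queryorder?access_token=" . urlencode($access_token['accesstoken']); // request URL
                    $result = javaGetHttps($sendUrl, json_encode_cn($dataArr), $access_token['sessionkey']);
                    $res_string = decrypt(java_to_string($result), $access_token['sessionkey']);
                    $ICBC_result = json_decode($res_string, true);
                    // Treat the call as successful only when the reply decoded to
                    // an array whose error_code is exactly 0 / "0"; a failed
                    // decrypt or decode must never be read as success.
                    $gateway_ok = is_array($ICBC_result)
                        && isset($ICBC_result['error_code'])
                        && (string)$ICBC_result['error_code'] === '0';
                    if ($gateway_ok) {
                        // Mark the order as refunded.
                        // NOTE(review): the result of this UPDATE is not checked;
                        // if it fails the order keeps status=1 while success is
                        // still reported.
                        $sql="update $s_db_name set status='-1' $where";
                        mysql_query($sql, $conn);
                        $msg = "退款成功";
                        $err = 0;
                    } else {
                        $msg = (is_array($ICBC_result) && isset($ICBC_result['error_msg']))
                            ? $ICBC_result['error_msg']
                            : null;
                        $err = -2;
                    }
                    // The logged values come from a database row and from the
                    // remote reply, so escape them before building the INSERT;
                    // a quote inside the gateway's message would otherwise break
                    // or alter the statement.
                    // NOTE(review): send_url contains the gateway access_token,
                    // so the log table ends up holding a credential.
                    $log_pay_id = mysql_real_escape_string($out_trade_no);
                    $log_url = mysql_real_escape_string($sendUrl);
                    $log_result = mysql_real_escape_string((string)$res_string);
                    $sql = "insert into `{$A_CONFIG['project_pre']}_icbc_refund_log` (pay_id,send_url,icbc_result,create_time) value ('$log_pay_id','$log_url','$log_result',now())";
                    mysql_query($sql, $conn);
                } else {
                    // No order with status=1 and this id. The message text says
                    // "account does not exist"; kept as-is for existing clients.
                    $err = -3;
                    $msg = "该账号不存在";
                }
            } else {
                $err = -3;
                $msg = "密码错误";
            }
        } else {
            $err = -3;
            $msg = "该账号不存在";
        }
    } else {
        $err = -4;
        $msg = "数据处理出错";

    }


} else {
    $err = -5;
    $msg = "参数错误";
}
if (!$A_CONFIG['is_debug']) {
    $resArr = compact("err", "msg");
} else {
    // Debug mode returns the last SQL statement (which embeds the request URL
    // and its access_token) and the decoded gateway reply to the caller; keep
    // is_debug disabled outside development.
    $resArr = compact("err", "msg", 'sql', "ICBC_result");
}
ob_clean();
$resJson = json_encode_cn($resArr);
echo $resJson;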
